[Block diagram; labelled blocks: Certificate Manager, Data Recovery Manager, Certificate Authority]
Figure 4A (flowchart)

START
402  Generate public and private key for user
404  Encrypt user's private key with data recovery manager's transport key
406  Send user's public key and user's data recovery manager transport encrypted private key and certificate request
408  Registration manager receives user's keys and request
410  Send user's data recovery manager transport encrypted private key and user's public key to data recovery manager
412  Data recovery manager decrypts transport-encrypted user's private key
414  Decision: User private key correspond to user public key?
       Yes: flow continues
       No: 416 Registration denied
END



Figure 4B (flowchart, entered from an off-page connector)

418  Encrypt user's private key with data recovery manager's public storage key
420  Store user's data recovery manager storage encrypted private key in internal database
422  Create proof of archival token
424  Sign proof of archival token using data recovery manager's private key
426  Send signed proof of archival token to registration manager
428  Registration manager verifies token using data recovery manager transport public key



Figure 4C (flowchart, entered from an off-page connector)

434  Send request to Certificate Authority
436  CA returns certificate to registration manager
438  Registration manager returns certificate to client
END



